VAR-200806-0185
Vulnerability from variot - Updated: 2025-04-10 22:57
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions. Versions prior to QuickTime 7.5 are affected.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:
29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability.
TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA29293
VERIFY ADVISORY: http://secunia.com/advisories/29293/
CRITICAL: Highly critical
IMPACT: System access
WHERE: From remote
SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/
DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when parsing packed scanlines from a PixData structure in a PICT file can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
5) An error in the handling of "file:" URLs can be exploited to e.g. execute arbitrary programs when playing specially crafted QuickTime content in QuickTime Player.
SOLUTION: Update to version 7.5 (via Software Update or Apple Downloads. See vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
1) Dyon Balding, Secunia Research
2) Independently discovered by:
* Dave Soldera, NGS Software
* Jens Alfke
3) Liam O Murchu, Symantec
4) An anonymous researcher, reported via ZDI
5) Independently discovered by:
* Vinoo Thomas and Rahul Mohandas, McAfee Avert Labs
* Petko D. (pdp) Petkov, GNUCITIZEN
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT1991
Secunia Research: http://secunia.com/secunia_research/2008-9/
National Cyber Alert System
Technical Cyber Security Alert TA08-162C
Apple Quicktime Updates for Multiple Vulnerabilities
Original release date: June 10, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.5
* Microsoft Windows running versions of QuickTime prior to 7.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991.
I. Apple QuickTime 7.5 addresses these vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable.
II. For further information, please see Apple knowledgebase article HT1991 about the security content of QuickTime 7.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
IV. References
* About the security content of the QuickTime 7.5 Update -
<http://support.apple.com/kb/HT1991>
* How to tell if Software Update for Windows is working correctly when no
updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* US-CERT Vulnerability Notes for QuickTime 7.5 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
Produced 2008 by US-CERT, a government organization.
Revision History
June 10, 2008: Initial release
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200806-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quicktime",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "quicktime",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "quicktime player",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "7.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.3.1.70"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.4.5"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "quicktime player",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:quicktime",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dyon BaldingDave SolderaRahul Mohandas",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1582",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2008-1582",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-31707",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-1582",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#132419",
"trust": 0.8,
"value": "18.25"
},
{
"author": "NVD",
"id": "CVE-2008-1582",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200806-142",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31707",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. \nThese issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, \u0027file:\u0027 URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions. \nVersions prior to QuickTime 7.5 are affected. \nNOTE: This BID is being retired; the following individual records have been created to better document the issues:\n29649 Apple QuickTime \u0027PICT\u0027 Image \u0027PixData\u0027 Structures Handling Heap Overflow Vulnerability\n29650 Apple QuickTime \u0027file:\u0027 URI File Execution Vulnerability\n29654 Apple QuickTime \u0027AAC-encoded\u0027 Media Memory Corruption Vulnerability\n29648 Apple QuickTime \u0027PICT\u0027 Image Buffer Overflow Vulnerability\n29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability. 
",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1582"
},
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
},
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "PACKETSTORM",
"id": "67149"
},
{
"db": "PACKETSTORM",
"id": "67176"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1582",
"trust": 3.1
},
{
"db": "BID",
"id": "29654",
"trust": 2.8
},
{
"db": "BID",
"id": "29619",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA08-162C",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "29293",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1020214",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-1776",
"trust": 1.7
},
{
"db": "XF",
"id": "42944",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#132419",
"trust": 1.1
},
{
"db": "USCERT",
"id": "SA08-162C",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "TA08-162C",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-06-09",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-08-038",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-08-037",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-31707",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67149",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67176",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "PACKETSTORM",
"id": "67149"
},
{
"db": "PACKETSTORM",
"id": "67176"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"id": "VAR-200806-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31707"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:57:06.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QuickTime 7.5",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1991"
},
{
"title": "QuickTime 7.5",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1991?locale=ja_JP"
},
{
"title": "TA08-162C",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-162c.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/29619"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/29654"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-162c.html"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/29293"
},
{
"trust": 2.4,
"url": "http://support.apple.com/kb/ht1991"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/jun/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020214"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2008/1776/references"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/42944"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1776/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42944"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1582"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-162c/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-162c/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1582"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2008/jun/1020214.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-162c.html"
},
{
"trust": 0.6,
"url": "http://www.apple.com/quicktime/"
},
{
"trust": 0.3,
"url": "/archive/1/493225"
},
{
"trust": 0.3,
"url": "/archive/1/493247"
},
{
"trust": 0.3,
"url": "/archive/1/493248"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_research/2008-9/advisory/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/132419"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-037"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-08-038"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5090/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_research/2008-9/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=304263\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_quicktime_7.5\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/quicktime/download/\u003e"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1991\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-162c.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "PACKETSTORM",
"id": "67149"
},
{
"db": "PACKETSTORM",
"id": "67176"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#132419"
},
{
"db": "VULHUB",
"id": "VHN-31707"
},
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"db": "PACKETSTORM",
"id": "67149"
},
{
"db": "PACKETSTORM",
"id": "67176"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-10T00:00:00",
"db": "CERT/CC",
"id": "VU#132419"
},
{
"date": "2008-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31707"
},
{
"date": "2008-06-10T00:00:00",
"db": "BID",
"id": "29619"
},
{
"date": "2008-06-09T00:00:00",
"db": "BID",
"id": "29654"
},
{
"date": "2008-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"date": "2008-06-11T00:36:08",
"db": "PACKETSTORM",
"id": "67149"
},
{
"date": "2008-06-11T03:00:24",
"db": "PACKETSTORM",
"id": "67176"
},
{
"date": "2008-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"date": "2008-06-10T18:32:00",
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-10T00:00:00",
"db": "CERT/CC",
"id": "VU#132419"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-31707"
},
{
"date": "2008-06-11T17:22:00",
"db": "BID",
"id": "29619"
},
{
"date": "2008-06-11T20:22:00",
"db": "BID",
"id": "29654"
},
{
"date": "2008-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001436"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-142"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-1582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "67176"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-142"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime \"file: URL\" arbitrary code execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#132419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "29619"
},
{
"db": "BID",
"id": "29654"
}
],
"trust": 0.6
}
}